K3S-Cluster/home-cluster-ops
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Merge pull request #612 from 3dwardch3ng/app/gitea

Browse Source 
refactor gitea
This commit is contained in:
Edward Cheng
2024-07-23 01:08:52 +10:00
committed by GitHub
parent c3ded5a517 28861f1fc2
commit 63b97cf131
11 changed files with 822 additions and 780 deletions
Download Patch File Download Diff File Expand all files Collapse all files

0
apps/gitea/env/k3s-cluster/deployment.yaml → apps/gitea/base/deployment.yaml
View File

0
apps/gitea/env/k3s-cluster/ingress.yaml → apps/gitea/base/ingress.yaml
View File

7
apps/gitea/base/kustomization.yaml Normal file
View File

@@ -0,0 +1,7 @@
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- ./deployment.yaml
- ./service.yaml
- ./service-account.yaml
- ./ingress.yaml

0
apps/gitea/env/k3s-cluster/service-account.yaml → apps/gitea/base/service-account.yaml
View File

0
apps/gitea/env/k3s-cluster/service.yaml → apps/gitea/base/service.yaml
View File

778
apps/gitea/base/values.yaml Normal file
View File

@@ -0,0 +1,778 @@
# Copyright Broadcom, Inc. All Rights Reserved.
# SPDX-License-Identifier: APACHE-2.0
## @section Global parameters
## Global Docker image parameters
## Please, note that this will override the image parameters, including dependencies, configured to use the global value
## Current available global Docker image parameters: imageRegistry, imagePullSecrets and storageClass
##
## @param global.imageRegistry Global Docker image registry
## @param global.imagePullSecrets Global Docker registry secret names as an array
## @param global.defaultStorageClass Global default StorageClass for Persistent Volume(s)
## @param global.storageClass DEPRECATED: use global.defaultStorageClass instead
##
global:
imageRegistry: ""
## E.g.
## imagePullSecrets:
## - myRegistryKeySecretName
##
imagePullSecrets: []
defaultStorageClass: ""
storageClass: ""
## Compatibility adaptations for Kubernetes platforms
##
compatibility:
## Compatibility adaptations for Openshift
##
openshift:
## @param global.compatibility.openshift.adaptSecurityContext Adapt the securityContext sections of the deployment to make them compatible with Openshift restricted-v2 SCC: remove runAsUser, runAsGroup and fsGroup and let the platform use their allowed default IDs. Possible values: auto (apply if the detected running cluster is Openshift), force (perform the adaptation always), disabled (do not perform adaptation)
##
adaptSecurityContext: auto
## @section Common parameters
##
## @param kubeVersion Force target Kubernetes version (using Helm capabilities if not set)
##
kubeVersion: ""
## @param nameOverride String to partially override gitea.fullname template (will maintain the release name)
##
nameOverride: ""
## @param fullnameOverride String to fully override gitea.fullname template
##
fullnameOverride: ""
## @param namespaceOverride String to fully override common.names.namespace
##
namespaceOverride: ""
## @param commonAnnotations Common annotations to add to all Gitea resources (sub-charts are not considered). Evaluated as a template
##
commonAnnotations: {}
## @param commonLabels Common labels to add to all Gitea resources (sub-charts are not considered). Evaluated as a template
##
commonLabels: {}
## @param extraDeploy Array of extra objects to deploy with the release (evaluated as a template).
##
extraDeploy: []
## @section Gitea parameters
##
## Bitnami Gitea image version
## ref: https://hub.docker.com/r/bitnami/gitea/tags/
## @param image.registry [default: REGISTRY_NAME] Gitea image registry
## @param image.repository [default: REPOSITORY_NAME/gitea] Gitea Image name
## @skip image.tag Gitea Image tag
## @param image.digest Gitea image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag
## @param image.pullPolicy Gitea image pull policy
## @param image.pullSecrets Specify docker-registry secret names as an array
## @param image.debug Specify if debug logs should be enabled
##
image:
registry: docker.io
repository: bitnami/gitea
tag: 1.22.1-debian-12-r4
digest: ""
## Specify a imagePullPolicy
## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent'
## ref: https://kubernetes.io/docs/concepts/containers/images/#pre-pulled-images
##
pullPolicy: IfNotPresent
## Optionally specify an array of imagePullSecrets.
## Secrets must be manually created in the namespace.
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/
## e.g:
## pullSecrets:
## - myRegistryKeySecretName
##
pullSecrets: []
## Set to true if you would like to see extra information on logs
##
debug: true
## @param adminUsername User of the application
## ref: https://github.com/bitnami/containers/tree/main/bitnami/gitea#configuration
##
adminUsername: bn_user
## @param adminPassword Application password
## Defaults to a random 10-character alphanumeric string if not set
## ref: https://github.com/bitnami/containers/tree/main/bitnami/gitea#configuration
##
adminPassword: ""
## @param adminEmail Admin email
## ref: https://github.com/bitnami/containers/tree/main/bitnami/gitea#configuration
##
adminEmail: user@example.com
## @param appName Gitea application name
## ref: https://github.com/bitnami/containers/tree/main/bitnami/gitea#configuration
##
appName: gitea
## @param runMode Gitea application host
## ref: https://github.com/bitnami/containers/tree/main/bitnami/gitea#configuration
##
runMode: prod
## @param exposeSSH Make the SSH server accesible
##
exposeSSH: true
## @param rootURL UI Root URL (for link generation)
##
rootURL: ""
## @param command Override default container command (useful when using custom images)
##
command: []
## @param args Override default container args (useful when using custom images)
##
args: []
## @param updateStrategy.type Update strategy - only really applicable for deployments with RWO PVs attached
## If replicas = 1, an update can get "stuck", as the previous pod remains attached to the
## PV, and the "incoming" pod can never start. Changing the strategy to "Recreate" will
## terminate the single previous pod, so that the new, incoming pod can attach to the PV
##
updateStrategy:
type: Recreate
## @param priorityClassName Gitea pods' priorityClassName
##
priorityClassName: ""
## @param schedulerName Name of the k8s scheduler (other than default)
## ref: https://kubernetes.io/docs/tasks/administer-cluster/configure-multiple-schedulers/
##
schedulerName: ""
## @param topologySpreadConstraints Topology Spread Constraints for pod assignment
## https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/
## The value is evaluated as a template
##
topologySpreadConstraints: []
## @param automountServiceAccountToken Mount Service Account token in pod
##
automountServiceAccountToken: false
## @param hostAliases [array] Add deployment host aliases
## https://kubernetes.io/docs/concepts/services-networking/add-entries-to-pod-etc-hosts-with-host-aliases/
##
hostAliases: []
## @param extraEnvVars Extra environment variables
## For example:
##
extraEnvVars: []
# - name: BEARER_AUTH
# value: true
## @param extraEnvVarsCM ConfigMap containing extra env vars
##
extraEnvVarsCM: ""
## @param extraEnvVarsSecret Secret containing extra env vars (in case of sensitive data)
##
extraEnvVarsSecret: ""
## @param extraVolumes Array of extra volumes to be added to the deployment (evaluated as template). Requires setting `extraVolumeMounts`
##
extraVolumes: []
## @param extraVolumeMounts Array of extra volume mounts to be added to the container (evaluated as template). Normally used with `extraVolumes`.
##
extraVolumeMounts: []
## @param initContainers Add additional init containers to the pod (evaluated as a template)
##
initContainers: []
## Pod Disruption Budget configuration
## ref: https://kubernetes.io/docs/tasks/run-application/configure-pdb
## @param pdb.create Enable/disable a Pod Disruption Budget creation
## @param pdb.minAvailable Minimum number/percentage of pods that should remain scheduled
## @param pdb.maxUnavailable Maximum number/percentage of pods that may be made unavailable. Defaults to `1` if both `pdb.minAvailable` and `pdb.maxUnavailable` are empty.
##
pdb:
create: true
minAvailable: ""
maxUnavailable: ""
## @param sidecars Attach additional containers to the pod (evaluated as a template)
##
sidecars: []
## @param tolerations Tolerations for pod assignment
## Ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/
##
tolerations: []
## @param existingSecret Name of a secret with the application password
##
existingSecret: ""
## @param existingSecretKey Key inside the existing secret containing the password
##
existingSecretKey: "admin-password"
## SMTP mail delivery configuration
## ref: https://github.com/bitnami/containers/tree/main/bitnami/gitea/#smtp-configuration
## @param smtpHost SMTP host
## @param smtpPort SMTP port
## @param smtpUser SMTP user
## @param smtpPassword SMTP password
##
smtpHost: ""
smtpPort: ""
smtpUser: ""
smtpPassword: ""
## @param smtpExistingSecret The name of an existing secret with SMTP credentials
## NOTE: Must contain key `smtp-password`
## NOTE: When it's set, the `smtpPassword` parameter is ignored
##
smtpExistingSecret: ""
## @param containerPorts [object] Container ports
##
containerPorts:
http: 3000
ssh: 2222
## @param extraContainerPorts Optionally specify extra list of additional ports for Gitea container(s)
## e.g:
## extraContainerPorts:
## - name: myservice
## containerPort: 9090
##
extraContainerPorts: []
## Enable OpenID Configurations
## @param openid.enableSignIn Enable sign in with OpenID
## @param openid.enableSignUp Enable sign up with OpenID
openid:
enableSignIn: false
enableSignUp: false
## Enable persistence using Persistent Volume Claims
## ref: https://kubernetes.io/docs/concepts/storage/persistent-volumes/
##
persistence:
## @param persistence.enabled Enable persistence using PVC
##
enabled: true
## @param persistence.storageClass PVC Storage Class for Gitea volume
## If defined, storageClassName: <storageClass>
## If set to "-", storageClassName: "", which disables dynamic provisioning
## If undefined (the default) or set to null, no storageClassName spec is
## set, choosing the default provisioner. (gp2 on AWS, standard on
## GKE, AWS & OpenStack)
##
storageClass: ""
## @param persistence.accessModes PVC Access Mode for Gitea volume
## Requires persistence.enabled: true
## If defined, PVC must be created manually before volume will be bound
##
accessModes:
- ReadWriteOnce
## @param persistence.size PVC Storage Request for Gitea volume
##
size: 8Gi
## @param persistence.dataSource Custom PVC data source
##
dataSource: {}
## @param persistence.existingClaim A manually managed Persistent Volume Claim
## Requires persistence.enabled: true
## If defined, PVC must be created manually before volume will be bound
##
existingClaim: "gitea-pvc"
## @param persistence.hostPath If defined, the gitea-data volume will mount to the specified hostPath.
## Requires persistence.enabled: true
## Requires persistence.existingClaim: nil|false
## Default: nil.
##
hostPath: ""
## @param persistence.annotations Persistent Volume Claim annotations
##
annotations: {}
## @param persistence.selector Selector to match an existing Persistent Volume for Gitea data PVC
## If set, the PVC can't have a PV dynamically provisioned for it
## E.g.
## selector:
## matchLabels:
## app: my-app
##
selector: {}
## @param podAffinityPreset Pod affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard`
## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity
##
podAffinityPreset: ""
## @param podAntiAffinityPreset Pod anti-affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard`
## Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity
##
podAntiAffinityPreset: soft
## Node affinity preset
## Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#node-affinity
## @param nodeAffinityPreset.type Node affinity preset type. Ignored if `affinity` is set. Allowed values: `soft` or `hard`
## @param nodeAffinityPreset.key Node label key to match Ignored if `affinity` is set.
## @param nodeAffinityPreset.values Node label values to match. Ignored if `affinity` is set.
##
nodeAffinityPreset:
type: ""
## E.g.
## key: "kubernetes.io/e2e-az-name"
##
key: ""
## E.g.
## values:
## - e2e-az1
## - e2e-az2
##
values: []
## @param affinity Affinity for pod assignment
## Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity
## Note: podAffinityPreset, podAntiAffinityPreset, and nodeAffinityPreset will be ignored when it's set
##
affinity: {}
## @param nodeSelector Node labels for pod assignment. Evaluated as a template.
## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/
##
nodeSelector: {}
## Gitea container's resource requests and limits
## ref: http://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/
## @param resourcesPreset Set container resources according to one common preset (allowed values: none, nano, micro, small, medium, large, xlarge, 2xlarge). This is ignored if resources is set (resources is recommended for production).
## More information: https://github.com/bitnami/charts/blob/main/bitnami/common/templates/_resources.tpl#L15
##
resourcesPreset: "micro"
## @param resources Set container requests and limits for different resources like CPU or memory (essential for production workloads)
## Example:
## resources:
## requests:
## cpu: 2
## memory: 512Mi
## limits:
## cpu: 3
## memory: 1024Mi
##
resources: {}
## Configure Pods Security Context
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod
## @param podSecurityContext.enabled Enable Gitea pods' Security Context
## @param podSecurityContext.fsGroupChangePolicy Set filesystem group change policy
## @param podSecurityContext.sysctls Set kernel settings using the sysctl interface
## @param podSecurityContext.supplementalGroups Set filesystem extra groups
## @param podSecurityContext.fsGroup Gitea pods' group ID
##
podSecurityContext:
enabled: true
fsGroupChangePolicy: Always
sysctls: []
supplementalGroups: []
fsGroup: 1001
## Configure Container Security Context (only main container)
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container
## @param containerSecurityContext.enabled Enabled containers' Security Context
## @param containerSecurityContext.seLinuxOptions [object,nullable] Set SELinux options in container
## @param containerSecurityContext.runAsUser Set containers' Security Context runAsUser
## @param containerSecurityContext.runAsGroup Set containers' Security Context runAsGroup
## @param containerSecurityContext.runAsNonRoot Set container's Security Context runAsNonRoot
## @param containerSecurityContext.privileged Set container's Security Context privileged
## @param containerSecurityContext.readOnlyRootFilesystem Set container's Security Context readOnlyRootFilesystem
## @param containerSecurityContext.allowPrivilegeEscalation Set container's Security Context allowPrivilegeEscalation
## @param containerSecurityContext.capabilities.drop List of capabilities to be dropped
## @param containerSecurityContext.seccompProfile.type Set container's Security Context seccomp profile
##
containerSecurityContext:
enabled: true
seLinuxOptions: {}
runAsUser: 1001
runAsGroup: 1001
runAsNonRoot: true
privileged: false
readOnlyRootFilesystem: true
allowPrivilegeEscalation: false
capabilities:
drop: ["ALL"]
seccompProfile:
type: "RuntimeDefault"
## Configure extra options for startup probe
## Gitea core exposes / to unauthenticated requests, making it a good
## default startup and readiness path. However, that may not always be the
## case. For example, if the image value is overridden to an image containing a
## module that alters that route, or an image that does not auto-install Gitea.
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/#configure-probes
## @param startupProbe.enabled Enable startupProbe
## @param startupProbe.path Request path for startupProbe
## @param startupProbe.initialDelaySeconds Initial delay seconds for startupProbe
## @param startupProbe.periodSeconds Period seconds for startupProbe
## @param startupProbe.timeoutSeconds Timeout seconds for startupProbe
## @param startupProbe.failureThreshold Failure threshold for startupProbe
## @param startupProbe.successThreshold Success threshold for startupProbe
##
startupProbe:
enabled: false
path: /
initialDelaySeconds: 600
periodSeconds: 10
timeoutSeconds: 5
failureThreshold: 5
successThreshold: 1
## Configure extra options for liveness probe
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/#configure-probes
## @param livenessProbe.enabled Enable livenessProbe
## @param livenessProbe.initialDelaySeconds Initial delay seconds for livenessProbe
## @param livenessProbe.periodSeconds Period seconds for livenessProbe
## @param livenessProbe.timeoutSeconds Timeout seconds for livenessProbe
## @param livenessProbe.failureThreshold Failure threshold for livenessProbe
## @param livenessProbe.successThreshold Success threshold for livenessProbe
##
livenessProbe:
enabled: true
initialDelaySeconds: 600
periodSeconds: 60
timeoutSeconds: 30
failureThreshold: 5
successThreshold: 1
## Configure extra options for readiness probe
## Gitea core exposes / to unauthenticated requests, making it a good
## default startup and readiness path. However, that may not always be the
## case. For example, if the image value is overridden to an image containing a
## module that alters that route, or an image that does not auto-install Gitea.
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/#configure-probes
## @param readinessProbe.enabled Enable readinessProbe
## @param readinessProbe.path Request path for readinessProbe
## @param readinessProbe.initialDelaySeconds Initial delay seconds for readinessProbe
## @param readinessProbe.periodSeconds Period seconds for readinessProbe
## @param readinessProbe.timeoutSeconds Timeout seconds for readinessProbe
## @param readinessProbe.failureThreshold Failure threshold for readinessProbe
## @param readinessProbe.successThreshold Success threshold for readinessProbe
##
readinessProbe:
enabled: true
path: /
initialDelaySeconds: 30
periodSeconds: 60
timeoutSeconds: 30
failureThreshold: 5
successThreshold: 1
## @param customStartupProbe Override default startup probe
##
customStartupProbe: {}
## @param customLivenessProbe Override default liveness probe
##
customLivenessProbe: {}
## @param customReadinessProbe Override default readiness probe
##
customReadinessProbe: {}
## @param lifecycleHooks LifecycleHook to set additional configuration at startup Evaluated as a template
##
lifecycleHooks: {}
## @param podAnnotations Pod annotations
## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/
##
podAnnotations: {}
## @param podLabels Add additional labels to the pod (evaluated as a template)
## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/
##
podLabels: {}
## @section Traffic Exposure Parameters
##
## Kubernetes configuration. For minikube, set this to NodePort, elsewhere use LoadBalancer
##
service:
## @param service.type Kubernetes Service type
##
type: LoadBalancer
## @param service.ports.http Service HTTP port
## @param service.ports.ssh Service SSH port
##
ports:
http: 10080
ssh: 10022
## @param service.loadBalancerSourceRanges Restricts access for LoadBalancer (only with `service.type: LoadBalancer`)
## e.g:
## loadBalancerSourceRanges:
## - 0.0.0.0/0
##
loadBalancerSourceRanges: []
## @param service.loadBalancerIP loadBalancerIP for the Gitea Service (optional, cloud specific)
## ref: https://kubernetes.io/docs/concepts/services-networking/service/#type-loadbalancer
##
loadBalancerIP: ""
## @param service.nodePorts [object] Kubernetes node port
## nodePorts:
## http: <to set explicitly, choose port between 30000-32767>
## https: <to set explicitly, choose port between 30000-32767>
##
nodePorts:
http: ""
ssh: ""
## @param service.externalTrafficPolicy Enable client source IP preservation
## ref https://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/#preserving-the-client-source-ip
##
externalTrafficPolicy: Cluster
## @param service.clusterIP Gitea service Cluster IP
## e.g.:
## clusterIP: None
##
clusterIP: ""
## @param service.extraPorts Extra ports to expose (normally used with the `sidecar` value)
##
extraPorts: []
## @param service.annotations Additional custom annotations for Gitea service
##
annotations: {}
## @param service.sessionAffinity Session Affinity for Kubernetes service, can be "None" or "ClientIP"
## If "ClientIP", consecutive client requests will be directed to the same Pod
## ref: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies
##
sessionAffinity: None
## @param service.sessionAffinityConfig Additional settings for the sessionAffinity
## sessionAffinityConfig:
## clientIP:
## timeoutSeconds: 300
##
sessionAffinityConfig: {}
## Network Policy configuration
## ref: https://kubernetes.io/docs/concepts/services-networking/network-policies/
##
networkPolicy:
## @param networkPolicy.enabled Specifies whether a NetworkPolicy should be created
##
enabled: true
## @param networkPolicy.allowExternal Don't require server label for connections
## The Policy model to apply. When set to false, only pods with the correct
## server label will have network access to the ports server is listening
## on. When true, server will accept connections from any source
## (with the correct destination port).
##
allowExternal: true
## @param networkPolicy.allowExternalEgress Allow the pod to access any range of port and all destinations.
##
allowExternalEgress: true
## @param networkPolicy.extraIngress [array] Add extra ingress rules to the NetworkPolicy
## e.g:
## extraIngress:
## - ports:
## - port: 1234
## from:
## - podSelector:
## - matchLabels:
## - role: frontend
## - podSelector:
## - matchExpressions:
## - key: role
## operator: In
## values:
## - frontend
extraIngress: []
## @param networkPolicy.extraEgress [array] Add extra ingress rules to the NetworkPolicy
## e.g:
## extraEgress:
## - ports:
## - port: 1234
## to:
## - podSelector:
## - matchLabels:
## - role: frontend
## - podSelector:
## - matchExpressions:
## - key: role
## operator: In
## values:
## - frontend
##
extraEgress: []
## @param networkPolicy.ingressNSMatchLabels [object] Labels to match to allow traffic from other namespaces
## @param networkPolicy.ingressNSPodMatchLabels [object] Pod labels to match to allow traffic from other namespaces
##
ingressNSMatchLabels: {}
ingressNSPodMatchLabels: {}
## Configure the ingress resource that allows you to access the
## Gitea installation. Set up the URL
## ref: https://kubernetes.io/docs/concepts/services-networking/ingress/
##
ingress:
## @param ingress.enabled Enable ingress controller resource
##
enabled: true
## @param ingress.pathType Ingress Path type
##
pathType: ImplementationSpecific
## @param ingress.apiVersion Override API Version (automatically detected if not set)
##
apiVersion: ""
## @param ingress.ingressClassName IngressClass that will be be used to implement the Ingress (Kubernetes 1.18+)
## This is supported in Kubernetes 1.18+ and required if you have more than one IngressClass marked as the default for your cluster .
## ref: https://kubernetes.io/blog/2020/04/02/improvements-to-the-ingress-api-in-kubernetes-1.18/
##
ingressClassName: "nginx"
## @param ingress.hostname Default host for the ingress resource
##
hostname: "gitea.cluster.edward.sydney"
## @param ingress.path The Path to Gitea. You may need to set this to '/*' in order to use this
## with ALB ingress controllers.
##
path: /
## @param ingress.annotations Additional annotations for the Ingress resource. To enable certificate autogeneration, place here your cert-manager annotations.
## For a full list of possible ingress annotations, please see
## ref: https://github.com/kubernetes/ingress-nginx/blob/main/docs/user-guide/nginx-configuration/annotations.md
## Use this parameter to set the required annotations for cert-manager, see
## ref: https://cert-manager.io/docs/usage/ingress/#supported-annotations
##
## e.g:
## annotations:
## kubernetes.io/ingress.class: nginx
## cert-manager.io/cluster-issuer: cluster-issuer-name
##
annotations: {}
## @param ingress.tls Enable TLS configuration for the hostname defined at ingress.hostname parameter
## TLS certificates will be retrieved from a TLS secret with name: {{- printf "%s-tls" .Values.ingress.hostname }}
## You can use the ingress.secrets parameter to create this TLS secret or relay on cert-manager to create it
##
tls: false
## @param ingress.selfSigned Create a TLS secret for this ingress record using self-signed certificates generated by Helm
##
selfSigned: false
## @param ingress.extraHosts The list of additional hostnames to be covered with this ingress record.
## Most likely the hostname above will be enough, but in the event more hosts are needed, this is an array
## extraHosts:
## - name: gitea.local
## path: /
##
extraHosts: []
## @param ingress.extraPaths Any additional arbitrary paths that may need to be added to the ingress under the main host.
## For example: The ALB ingress controller requires a special rule for handling SSL redirection.
## extraPaths:
## - path: /*
## backend:
## serviceName: ssl-redirect
## servicePort: use-annotation
##
extraPaths: []
## @param ingress.extraTls The tls configuration for additional hostnames to be covered with this ingress record.
## see: https://kubernetes.io/docs/concepts/services-networking/ingress/#tls
## extraTls:
## - hosts:
## - gitea.local
## secretName: gitea.local-tls
##
extraTls: []
## @param ingress.secrets If you're providing your own certificates, please use this to add the certificates as secrets
## key and certificate should start with -----BEGIN CERTIFICATE----- or
## -----BEGIN RSA PRIVATE KEY-----
##
## name should line up with a tlsSecret set further up
## If you're using cert-manager, this is unneeded, as it will create the secret for you if it is not set
##
## It is also possible to create and manage the certificates outside of this helm chart
## Please see README.md for more information
## Example:
## - name: gitea.local-tls
## key:
## certificate:
##
secrets: []
## @param ingress.extraRules Additional rules to be covered with this ingress record
## ref: https://kubernetes.io/docs/concepts/services-networking/ingress/#ingress-rules
## e.g:
## extraRules:
## - host: example.local
## http:
## path: /
## backend:
## service:
## name: example-svc
## port:
## name: http
##
extraRules: []
## @section Other Parameters
##
## Service account for Gitea to use.
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/
##
serviceAccount:
## @param serviceAccount.create Enable creation of ServiceAccount for Gitea pod
##
create: true
## @param serviceAccount.name The name of the ServiceAccount to use.
## If not set and create is true, a name is generated using the common.names.fullname template
##
name: ""
## @param serviceAccount.automountServiceAccountToken Allows auto mount of ServiceAccountToken on the serviceAccount created
## Can be set to false if pods using this serviceAccount do not need to use K8s API
##
automountServiceAccountToken: false
## @param serviceAccount.annotations Additional custom annotations for the ServiceAccount
##
annotations: {}
## @section Database parameters
##
## PostgreSQL chart configuration
## ref: https://github.com/bitnami/charts/blob/main/bitnami/postgresql/values.yaml
## @param postgresql.enabled Switch to enable or disable the PostgreSQL helm chart
## @param postgresql.auth.username Name for a custom user to create
## @param postgresql.auth.password Password for the custom user to create
## @param postgresql.auth.database Name for a custom database to create
## @param postgresql.auth.existingSecret Name of existing secret to use for PostgreSQL credentials
## @param postgresql.architecture PostgreSQL architecture (`standalone` or `replication`)
## @param postgresql.service.ports.postgresql PostgreSQL service port
##
postgresql:
enabled: false
auth:
username: bn_gitea
password: ""
database: bitnami_gitea
existingSecret: ""
architecture: standalone
service:
ports:
postgresql: 5432
## External PostgreSQL configuration
## All of these values are only used when postgresql.enabled is set to false
## @param externalDatabase.host Database host
## @param externalDatabase.port Database port number
## @param externalDatabase.user Non-root username for JupyterHub
## @param externalDatabase.password Password for the non-root username for JupyterHub
## @param externalDatabase.database JupyterHub database name
## @param externalDatabase.existingSecret Name of an existing secret resource containing the database credentials
## @param externalDatabase.existingSecretPasswordKey Name of an existing secret key containing the database credentials
##
externalDatabase:
host: ""
port: 5432
user: postgres
database: gitea
password: ""
existingSecret: ""
existingSecretPasswordKey: "db-password"
## @section Volume Permissions parameters
##
## Init containers parameters:
## volumePermissions: Change the owner and group of the persistent volume mountpoint to runAsUser:fsGroup values from the securityContext section.
##
volumePermissions:
## @param volumePermissions.enabled Enable init container that changes volume permissions in the data directory (for cases where the default k8s `runAsUser` and `fsUser` values do not work)
##
enabled: false
## @param volumePermissions.image.registry [default: REGISTRY_NAME] Init container volume-permissions image registry
## @param volumePermissions.image.repository [default: REPOSITORY_NAME/os-shell] Init container volume-permissions image name
## @skip volumePermissions.image.tag Init container volume-permissions image tag
## @param volumePermissions.image.digest Init container volume-permissions image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag
## @param volumePermissions.image.pullPolicy Init container volume-permissions image pull policy
## @param volumePermissions.image.pullSecrets Specify docker-registry secret names as an array
##
image:
registry: docker.io
repository: bitnami/os-shell
tag: 12-debian-12-r25
digest: ""
pullPolicy: IfNotPresent
## Optionally specify an array of imagePullSecrets.
## Secrets must be manually created in the namespace.
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/
## e.g:
## pullSecrets:
## - myRegistryKeySecretName
##
pullSecrets: []
## Init containers' resource requests and limits
## ref: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/
## We usually recommend not to specify default resources and to leave this as a conscious
## choice for the user. This also increases chances charts run on environments with little
## resources, such as Minikube. If you do want to specify resources, uncomment the following
## lines, adjust them as necessary, and remove the curly braces after 'resources:'.
## @param volumePermissions.resourcesPreset Set container resources according to one common preset (allowed values: none, nano, micro, small, medium, large, xlarge, 2xlarge). This is ignored if volumePermissions.resources is set (volumePermissions.resources is recommended for production).
## More information: https://github.com/bitnami/charts/blob/main/bitnami/common/templates/_resources.tpl#L15
##
resourcesPreset: "nano"
## @param volumePermissions.resources Set container requests and limits for different resources like CPU or memory (essential for production workloads)
## Example:
## resources:
## requests:
## cpu: 2
## memory: 512Mi
## limits:
## cpu: 3
## memory: 1024Mi
##
resources: {}

12
apps/gitea/env/k3s-cluster/config.json vendored Normal file
View File

@@ -0,0 +1,12 @@
{
"appName": "gitea",
"userGivenName": "gitea",
"namespace": "gitea",
"destNamespace": "gitea",
"destServer": "https://kubernetes.default.svc",
"srcPath": "apps/gitea/env/k3s-cluster",
"srcRepoURL": "https://github.com/3dwardch3ng/home-cluster-ops.git",
"srcTargetRevision": "",
"labels": null,
"annotations": null
}

11
apps/gitea/env/k3s-cluster/kustomization.yaml vendored
View File

@@ -1,7 +1,8 @@
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- ./deployment.yaml
- ./service.yaml
- ./service-account.yaml
- ./ingress.yaml
helmCharts:
- name: gitea
repo: oci://registry-1.docker.io/bitnamicharts
version: 2.3.14
releaseName: gitea
valuesFile: values.yaml

778
apps/gitea/env/k3s-cluster/values.yaml vendored
View File

@@ -1,778 +1,28 @@
# Copyright Broadcom, Inc. All Rights Reserved.
# SPDX-License-Identifier: APACHE-2.0
## @section Global parameters
## Global Docker image parameters
## Please, note that this will override the image parameters, including dependencies, configured to use the global value
## Current available global Docker image parameters: imageRegistry, imagePullSecrets and storageClass
##
## @param global.imageRegistry Global Docker image registry
## @param global.imagePullSecrets Global Docker registry secret names as an array
## @param global.defaultStorageClass Global default StorageClass for Persistent Volume(s)
## @param global.storageClass DEPRECATED: use global.defaultStorageClass instead
##
global:
imageRegistry: ""
## E.g.
## imagePullSecrets:
## - myRegistryKeySecretName
##
imagePullSecrets: []
defaultStorageClass: ""
storageClass: ""
## Compatibility adaptations for Kubernetes platforms
##
compatibility:
## Compatibility adaptations for Openshift
##
openshift:
## @param global.compatibility.openshift.adaptSecurityContext Adapt the securityContext sections of the deployment to make them compatible with Openshift restricted-v2 SCC: remove runAsUser, runAsGroup and fsGroup and let the platform use their allowed default IDs. Possible values: auto (apply if the detected running cluster is Openshift), force (perform the adaptation always), disabled (do not perform adaptation)
##
adaptSecurityContext: auto
## @section Common parameters
##
## @param kubeVersion Force target Kubernetes version (using Helm capabilities if not set)
##
kubeVersion: ""
## @param nameOverride String to partially override gitea.fullname template (will maintain the release name)
##
nameOverride: ""
## @param fullnameOverride String to fully override gitea.fullname template
##
fullnameOverride: ""
## @param namespaceOverride String to fully override common.names.namespace
##
namespaceOverride: ""
## @param commonAnnotations Common annotations to add to all Gitea resources (sub-charts are not considered). Evaluated as a template
##
commonAnnotations: {}
## @param commonLabels Common labels to add to all Gitea resources (sub-charts are not considered). Evaluated as a template
##
commonLabels: {}
## @param extraDeploy Array of extra objects to deploy with the release (evaluated as a template).
##
extraDeploy: []
## @section Gitea parameters
##
## Bitnami Gitea image version
## ref: https://hub.docker.com/r/bitnami/gitea/tags/
## @param image.registry [default: REGISTRY_NAME] Gitea image registry
## @param image.repository [default: REPOSITORY_NAME/gitea] Gitea Image name
## @skip image.tag Gitea Image tag
## @param image.digest Gitea image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag
## @param image.pullPolicy Gitea image pull policy
## @param image.pullSecrets Specify docker-registry secret names as an array
## @param image.debug Specify if debug logs should be enabled
##
image:
registry: docker.io
repository: bitnami/gitea
tag: 1.22.1-debian-12-r4
digest: ""
## Specify a imagePullPolicy
## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent'
## ref: https://kubernetes.io/docs/concepts/containers/images/#pre-pulled-images
##
pullPolicy: IfNotPresent
## Optionally specify an array of imagePullSecrets.
## Secrets must be manually created in the namespace.
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/
## e.g:
## pullSecrets:
## - myRegistryKeySecretName
##
pullSecrets: []
## Set to true if you would like to see extra information on logs
##
debug: true
## @param adminUsername User of the application
## ref: https://github.com/bitnami/containers/tree/main/bitnami/gitea#configuration
##
adminUsername: bn_user
## @param adminPassword Application password
## Defaults to a random 10-character alphanumeric string if not set
## ref: https://github.com/bitnami/containers/tree/main/bitnami/gitea#configuration
##
adminPassword: ""
## @param adminEmail Admin email
## ref: https://github.com/bitnami/containers/tree/main/bitnami/gitea#configuration
##
adminEmail: user@example.com
## @param appName Gitea application name
## ref: https://github.com/bitnami/containers/tree/main/bitnami/gitea#configuration
##
appName: gitea
## @param runMode Gitea application host
## ref: https://github.com/bitnami/containers/tree/main/bitnami/gitea#configuration
##
runMode: prod
## @param exposeSSH Make the SSH server accesible
##
exposeSSH: true
## @param rootURL UI Root URL (for link generation)
##
rootURL: ""
## @param command Override default container command (useful when using custom images)
##
command: []
## @param args Override default container args (useful when using custom images)
##
args: []
## @param updateStrategy.type Update strategy - only really applicable for deployments with RWO PVs attached
## If replicas = 1, an update can get "stuck", as the previous pod remains attached to the
## PV, and the "incoming" pod can never start. Changing the strategy to "Recreate" will
## terminate the single previous pod, so that the new, incoming pod can attach to the PV
##
updateStrategy:
type: Recreate
## @param priorityClassName Gitea pods' priorityClassName
##
priorityClassName: ""
## @param schedulerName Name of the k8s scheduler (other than default)
## ref: https://kubernetes.io/docs/tasks/administer-cluster/configure-multiple-schedulers/
##
schedulerName: ""
## @param topologySpreadConstraints Topology Spread Constraints for pod assignment
## https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/
## The value is evaluated as a template
##
topologySpreadConstraints: []
## @param automountServiceAccountToken Mount Service Account token in pod
##
automountServiceAccountToken: false
## @param hostAliases [array] Add deployment host aliases
## https://kubernetes.io/docs/concepts/services-networking/add-entries-to-pod-etc-hosts-with-host-aliases/
##
hostAliases: []
## @param extraEnvVars Extra environment variables
## For example:
##
extraEnvVars: []
# - name: BEARER_AUTH
# value: true
## @param extraEnvVarsCM ConfigMap containing extra env vars
##
extraEnvVarsCM: ""
## @param extraEnvVarsSecret Secret containing extra env vars (in case of sensitive data)
##
extraEnvVarsSecret: ""
## @param extraVolumes Array of extra volumes to be added to the deployment (evaluated as template). Requires setting `extraVolumeMounts`
##
extraVolumes: []
## @param extraVolumeMounts Array of extra volume mounts to be added to the container (evaluated as template). Normally used with `extraVolumes`.
##
extraVolumeMounts: []
## @param initContainers Add additional init containers to the pod (evaluated as a template)
##
initContainers: []
## Pod Disruption Budget configuration
## ref: https://kubernetes.io/docs/tasks/run-application/configure-pdb
## @param pdb.create Enable/disable a Pod Disruption Budget creation
## @param pdb.minAvailable Minimum number/percentage of pods that should remain scheduled
## @param pdb.maxUnavailable Maximum number/percentage of pods that may be made unavailable. Defaults to `1` if both `pdb.minAvailable` and `pdb.maxUnavailable` are empty.
##
pdb:
create: true
minAvailable: ""
maxUnavailable: ""
## @param sidecars Attach additional containers to the pod (evaluated as a template)
##
sidecars: []
## @param tolerations Tolerations for pod assignment
## Ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/
##
tolerations: []
## @param existingSecret Name of a secret with the application password
##
existingSecret: ""
## @param existingSecretKey Key inside the existing secret containing the password
##
namespaceOverride: "gitea"
adminUsername: "gitea_admin"
adminEmail: "edward@cheng.sydney"
appName: "gitea"
existingSecret: "gitea-secrets"
existingSecretKey: "admin-password"
## SMTP mail delivery configuration
## ref: https://github.com/bitnami/containers/tree/main/bitnami/gitea/#smtp-configuration
## @param smtpHost SMTP host
## @param smtpPort SMTP port
## @param smtpUser SMTP user
## @param smtpPassword SMTP password
##
smtpHost: ""
smtpPort: ""
smtpUser: ""
smtpPassword: ""
## @param smtpExistingSecret The name of an existing secret with SMTP credentials
## NOTE: Must contain key `smtp-password`
## NOTE: When it's set, the `smtpPassword` parameter is ignored
##
smtpExistingSecret: ""
## @param containerPorts [object] Container ports
##
containerPorts:
http: 3000
ssh: 2222
## @param extraContainerPorts Optionally specify extra list of additional ports for Gitea container(s)
## e.g:
## extraContainerPorts:
## - name: myservice
## containerPort: 9090
##
extraContainerPorts: []
## Enable OpenID Configurations
## @param openid.enableSignIn Enable sign in with OpenID
## @param openid.enableSignUp Enable sign up with OpenID
openid:
enableSignIn: false
enableSignUp: false
## Enable persistence using Persistent Volume Claims
## ref: https://kubernetes.io/docs/concepts/storage/persistent-volumes/
##
smtpHost: "smtp.gmail.com"
smtpPort: "587"
smtpUser: "me@edward.sydney"
smtpExistingSecret: "sonarqube-secrets"
persistence:
## @param persistence.enabled Enable persistence using PVC
##
enabled: true
## @param persistence.storageClass PVC Storage Class for Gitea volume
## If defined, storageClassName: <storageClass>
## If set to "-", storageClassName: "", which disables dynamic provisioning
## If undefined (the default) or set to null, no storageClassName spec is
## set, choosing the default provisioner. (gp2 on AWS, standard on
## GKE, AWS & OpenStack)
##
storageClass: ""
## @param persistence.accessModes PVC Access Mode for Gitea volume
## Requires persistence.enabled: true
## If defined, PVC must be created manually before volume will be bound
##
accessModes:
- ReadWriteOnce
## @param persistence.size PVC Storage Request for Gitea volume
##
size: 8Gi
## @param persistence.dataSource Custom PVC data source
##
dataSource: {}
## @param persistence.existingClaim A manually managed Persistent Volume Claim
## Requires persistence.enabled: true
## If defined, PVC must be created manually before volume will be bound
##
existingClaim: "gitea-pvc"
## @param persistence.hostPath If defined, the gitea-data volume will mount to the specified hostPath.
## Requires persistence.enabled: true
## Requires persistence.existingClaim: nil|false
## Default: nil.
##
hostPath: ""
## @param persistence.annotations Persistent Volume Claim annotations
##
annotations: {}
## @param persistence.selector Selector to match an existing Persistent Volume for Gitea data PVC
## If set, the PVC can't have a PV dynamically provisioned for it
## E.g.
## selector:
## matchLabels:
## app: my-app
##
selector: {}
## @param podAffinityPreset Pod affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard`
## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity
##
podAffinityPreset: ""
## @param podAntiAffinityPreset Pod anti-affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard`
## Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity
##
podAntiAffinityPreset: soft
## Node affinity preset
## Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#node-affinity
## @param nodeAffinityPreset.type Node affinity preset type. Ignored if `affinity` is set. Allowed values: `soft` or `hard`
## @param nodeAffinityPreset.key Node label key to match Ignored if `affinity` is set.
## @param nodeAffinityPreset.values Node label values to match. Ignored if `affinity` is set.
##
nodeAffinityPreset:
type: ""
## E.g.
## key: "kubernetes.io/e2e-az-name"
##
key: ""
## E.g.
## values:
## - e2e-az1
## - e2e-az2
##
values: []
## @param affinity Affinity for pod assignment
## Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity
## Note: podAffinityPreset, podAntiAffinityPreset, and nodeAffinityPreset will be ignored when it's set
##
affinity: {}
## @param nodeSelector Node labels for pod assignment. Evaluated as a template.
## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/
##
nodeSelector: {}
## Gitea container's resource requests and limits
## ref: http://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/
## @param resourcesPreset Set container resources according to one common preset (allowed values: none, nano, micro, small, medium, large, xlarge, 2xlarge). This is ignored if resources is set (resources is recommended for production).
## More information: https://github.com/bitnami/charts/blob/main/bitnami/common/templates/_resources.tpl#L15
##
resourcesPreset: "micro"
## @param resources Set container requests and limits for different resources like CPU or memory (essential for production workloads)
## Example:
## resources:
## requests:
## cpu: 2
## memory: 512Mi
## limits:
## cpu: 3
## memory: 1024Mi
##
resources: {}
## Configure Pods Security Context
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod
## @param podSecurityContext.enabled Enable Gitea pods' Security Context
## @param podSecurityContext.fsGroupChangePolicy Set filesystem group change policy
## @param podSecurityContext.sysctls Set kernel settings using the sysctl interface
## @param podSecurityContext.supplementalGroups Set filesystem extra groups
## @param podSecurityContext.fsGroup Gitea pods' group ID
##
podSecurityContext:
enabled: true
fsGroupChangePolicy: Always
sysctls: []
supplementalGroups: []
fsGroup: 1001
## Configure Container Security Context (only main container)
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container
## @param containerSecurityContext.enabled Enabled containers' Security Context
## @param containerSecurityContext.seLinuxOptions [object,nullable] Set SELinux options in container
## @param containerSecurityContext.runAsUser Set containers' Security Context runAsUser
## @param containerSecurityContext.runAsGroup Set containers' Security Context runAsGroup
## @param containerSecurityContext.runAsNonRoot Set container's Security Context runAsNonRoot
## @param containerSecurityContext.privileged Set container's Security Context privileged
## @param containerSecurityContext.readOnlyRootFilesystem Set container's Security Context readOnlyRootFilesystem
## @param containerSecurityContext.allowPrivilegeEscalation Set container's Security Context allowPrivilegeEscalation
## @param containerSecurityContext.capabilities.drop List of capabilities to be dropped
## @param containerSecurityContext.seccompProfile.type Set container's Security Context seccomp profile
##
containerSecurityContext:
enabled: true
seLinuxOptions: {}
runAsUser: 1001
runAsGroup: 1001
runAsNonRoot: true
privileged: false
readOnlyRootFilesystem: true
allowPrivilegeEscalation: false
capabilities:
drop: ["ALL"]
seccompProfile:
type: "RuntimeDefault"
## Configure extra options for startup probe
## Gitea core exposes / to unauthenticated requests, making it a good
## default startup and readiness path. However, that may not always be the
## case. For example, if the image value is overridden to an image containing a
## module that alters that route, or an image that does not auto-install Gitea.
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/#configure-probes
## @param startupProbe.enabled Enable startupProbe
## @param startupProbe.path Request path for startupProbe
## @param startupProbe.initialDelaySeconds Initial delay seconds for startupProbe
## @param startupProbe.periodSeconds Period seconds for startupProbe
## @param startupProbe.timeoutSeconds Timeout seconds for startupProbe
## @param startupProbe.failureThreshold Failure threshold for startupProbe
## @param startupProbe.successThreshold Success threshold for startupProbe
##
startupProbe:
enabled: false
path: /
initialDelaySeconds: 600
periodSeconds: 10
timeoutSeconds: 5
failureThreshold: 5
successThreshold: 1
## Configure extra options for liveness probe
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/#configure-probes
## @param livenessProbe.enabled Enable livenessProbe
## @param livenessProbe.initialDelaySeconds Initial delay seconds for livenessProbe
## @param livenessProbe.periodSeconds Period seconds for livenessProbe
## @param livenessProbe.timeoutSeconds Timeout seconds for livenessProbe
## @param livenessProbe.failureThreshold Failure threshold for livenessProbe
## @param livenessProbe.successThreshold Success threshold for livenessProbe
##
livenessProbe:
enabled: true
initialDelaySeconds: 600
periodSeconds: 60
timeoutSeconds: 30
failureThreshold: 5
successThreshold: 1
## Configure extra options for readiness probe
## Gitea core exposes / to unauthenticated requests, making it a good
## default startup and readiness path. However, that may not always be the
## case. For example, if the image value is overridden to an image containing a
## module that alters that route, or an image that does not auto-install Gitea.
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/#configure-probes
## @param readinessProbe.enabled Enable readinessProbe
## @param readinessProbe.path Request path for readinessProbe
## @param readinessProbe.initialDelaySeconds Initial delay seconds for readinessProbe
## @param readinessProbe.periodSeconds Period seconds for readinessProbe
## @param readinessProbe.timeoutSeconds Timeout seconds for readinessProbe
## @param readinessProbe.failureThreshold Failure threshold for readinessProbe
## @param readinessProbe.successThreshold Success threshold for readinessProbe
##
readinessProbe:
enabled: true
path: /
initialDelaySeconds: 30
periodSeconds: 60
timeoutSeconds: 30
failureThreshold: 5
successThreshold: 1
## @param customStartupProbe Override default startup probe
##
customStartupProbe: {}
## @param customLivenessProbe Override default liveness probe
##
customLivenessProbe: {}
## @param customReadinessProbe Override default readiness probe
##
customReadinessProbe: {}
## @param lifecycleHooks LifecycleHook to set additional configuration at startup Evaluated as a template
##
lifecycleHooks: {}
## @param podAnnotations Pod annotations
## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/
##
podAnnotations: {}
## @param podLabels Add additional labels to the pod (evaluated as a template)
## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/
##
podLabels: {}
## @section Traffic Exposure Parameters
##
## Kubernetes configuration. For minikube, set this to NodePort, elsewhere use LoadBalancer
##
service:
## @param service.type Kubernetes Service type
##
type: LoadBalancer
## @param service.ports.http Service HTTP port
## @param service.ports.ssh Service SSH port
##
ports:
http: 10080
ssh: 10022
## @param service.loadBalancerSourceRanges Restricts access for LoadBalancer (only with `service.type: LoadBalancer`)
## e.g:
## loadBalancerSourceRanges:
## - 0.0.0.0/0
##
loadBalancerSourceRanges: []
## @param service.loadBalancerIP loadBalancerIP for the Gitea Service (optional, cloud specific)
## ref: https://kubernetes.io/docs/concepts/services-networking/service/#type-loadbalancer
##
loadBalancerIP: ""
## @param service.nodePorts [object] Kubernetes node port
## nodePorts:
## http: <to set explicitly, choose port between 30000-32767>
## https: <to set explicitly, choose port between 30000-32767>
##
nodePorts:
http: ""
ssh: ""
## @param service.externalTrafficPolicy Enable client source IP preservation
## ref https://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/#preserving-the-client-source-ip
##
externalTrafficPolicy: Cluster
## @param service.clusterIP Gitea service Cluster IP
## e.g.:
## clusterIP: None
##
clusterIP: ""
## @param service.extraPorts Extra ports to expose (normally used with the `sidecar` value)
##
extraPorts: []
## @param service.annotations Additional custom annotations for Gitea service
##
annotations: {}
## @param service.sessionAffinity Session Affinity for Kubernetes service, can be "None" or "ClientIP"
## If "ClientIP", consecutive client requests will be directed to the same Pod
## ref: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies
##
sessionAffinity: None
## @param service.sessionAffinityConfig Additional settings for the sessionAffinity
## sessionAffinityConfig:
## clientIP:
## timeoutSeconds: 300
##
sessionAffinityConfig: {}
## Network Policy configuration
## ref: https://kubernetes.io/docs/concepts/services-networking/network-policies/
##
networkPolicy:
## @param networkPolicy.enabled Specifies whether a NetworkPolicy should be created
##
enabled: true
## @param networkPolicy.allowExternal Don't require server label for connections
## The Policy model to apply. When set to false, only pods with the correct
## server label will have network access to the ports server is listening
## on. When true, server will accept connections from any source
## (with the correct destination port).
##
allowExternal: true
## @param networkPolicy.allowExternalEgress Allow the pod to access any range of port and all destinations.
##
allowExternalEgress: true
## @param networkPolicy.extraIngress [array] Add extra ingress rules to the NetworkPolicy
## e.g:
## extraIngress:
## - ports:
## - port: 1234
## from:
## - podSelector:
## - matchLabels:
## - role: frontend
## - podSelector:
## - matchExpressions:
## - key: role
## operator: In
## values:
## - frontend
extraIngress: []
## @param networkPolicy.extraEgress [array] Add extra ingress rules to the NetworkPolicy
## e.g:
## extraEgress:
## - ports:
## - port: 1234
## to:
## - podSelector:
## - matchLabels:
## - role: frontend
## - podSelector:
## - matchExpressions:
## - key: role
## operator: In
## values:
## - frontend
##
extraEgress: []
## @param networkPolicy.ingressNSMatchLabels [object] Labels to match to allow traffic from other namespaces
## @param networkPolicy.ingressNSPodMatchLabels [object] Pod labels to match to allow traffic from other namespaces
##
ingressNSMatchLabels: {}
ingressNSPodMatchLabels: {}
## Configure the ingress resource that allows you to access the
## Gitea installation. Set up the URL
## ref: https://kubernetes.io/docs/concepts/services-networking/ingress/
##
ingress:
## @param ingress.enabled Enable ingress controller resource
##
enabled: true
## @param ingress.pathType Ingress Path type
##
pathType: ImplementationSpecific
## @param ingress.apiVersion Override API Version (automatically detected if not set)
##
apiVersion: ""
## @param ingress.ingressClassName IngressClass that will be be used to implement the Ingress (Kubernetes 1.18+)
## This is supported in Kubernetes 1.18+ and required if you have more than one IngressClass marked as the default for your cluster .
## ref: https://kubernetes.io/blog/2020/04/02/improvements-to-the-ingress-api-in-kubernetes-1.18/
##
ingressClassName: "nginx"
## @param ingress.hostname Default host for the ingress resource
##
hostname: "gitea.cluster.edward.sydney"
## @param ingress.path The Path to Gitea. You may need to set this to '/*' in order to use this
## with ALB ingress controllers.
##
path: /
## @param ingress.annotations Additional annotations for the Ingress resource. To enable certificate autogeneration, place here your cert-manager annotations.
## For a full list of possible ingress annotations, please see
## ref: https://github.com/kubernetes/ingress-nginx/blob/main/docs/user-guide/nginx-configuration/annotations.md
## Use this parameter to set the required annotations for cert-manager, see
## ref: https://cert-manager.io/docs/usage/ingress/#supported-annotations
##
## e.g:
## annotations:
## kubernetes.io/ingress.class: nginx
## cert-manager.io/cluster-issuer: cluster-issuer-name
##
annotations: {}
## @param ingress.tls Enable TLS configuration for the hostname defined at ingress.hostname parameter
## TLS certificates will be retrieved from a TLS secret with name: {{- printf "%s-tls" .Values.ingress.hostname }}
## You can use the ingress.secrets parameter to create this TLS secret or relay on cert-manager to create it
##
tls: false
## @param ingress.selfSigned Create a TLS secret for this ingress record using self-signed certificates generated by Helm
##
selfSigned: false
## @param ingress.extraHosts The list of additional hostnames to be covered with this ingress record.
## Most likely the hostname above will be enough, but in the event more hosts are needed, this is an array
## extraHosts:
## - name: gitea.local
## path: /
##
extraHosts: []
## @param ingress.extraPaths Any additional arbitrary paths that may need to be added to the ingress under the main host.
## For example: The ALB ingress controller requires a special rule for handling SSL redirection.
## extraPaths:
## - path: /*
## backend:
## serviceName: ssl-redirect
## servicePort: use-annotation
##
extraPaths: []
## @param ingress.extraTls The tls configuration for additional hostnames to be covered with this ingress record.
## see: https://kubernetes.io/docs/concepts/services-networking/ingress/#tls
## extraTls:
## - hosts:
## - gitea.local
## secretName: gitea.local-tls
##
extraTls: []
## @param ingress.secrets If you're providing your own certificates, please use this to add the certificates as secrets
## key and certificate should start with -----BEGIN CERTIFICATE----- or
## -----BEGIN RSA PRIVATE KEY-----
##
## name should line up with a tlsSecret set further up
## If you're using cert-manager, this is unneeded, as it will create the secret for you if it is not set
##
## It is also possible to create and manage the certificates outside of this helm chart
## Please see README.md for more information
## Example:
## - name: gitea.local-tls
## key:
## certificate:
##
secrets: []
## @param ingress.extraRules Additional rules to be covered with this ingress record
## ref: https://kubernetes.io/docs/concepts/services-networking/ingress/#ingress-rules
## e.g:
## extraRules:
## - host: example.local
## http:
## path: /
## backend:
## service:
## name: example-svc
## port:
## name: http
##
extraRules: []
## @section Other Parameters
##
## Service account for Gitea to use.
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/
##
serviceAccount:
## @param serviceAccount.create Enable creation of ServiceAccount for Gitea pod
##
create: true
## @param serviceAccount.name The name of the ServiceAccount to use.
## If not set and create is true, a name is generated using the common.names.fullname template
##
name: ""
## @param serviceAccount.automountServiceAccountToken Allows auto mount of ServiceAccountToken on the serviceAccount created
## Can be set to false if pods using this serviceAccount do not need to use K8s API
##
automountServiceAccountToken: false
## @param serviceAccount.annotations Additional custom annotations for the ServiceAccount
##
annotations: {}
## @section Database parameters
##
## PostgreSQL chart configuration
## ref: https://github.com/bitnami/charts/blob/main/bitnami/postgresql/values.yaml
## @param postgresql.enabled Switch to enable or disable the PostgreSQL helm chart
## @param postgresql.auth.username Name for a custom user to create
## @param postgresql.auth.password Password for the custom user to create
## @param postgresql.auth.database Name for a custom database to create
## @param postgresql.auth.existingSecret Name of existing secret to use for PostgreSQL credentials
## @param postgresql.architecture PostgreSQL architecture (`standalone` or `replication`)
## @param postgresql.service.ports.postgresql PostgreSQL service port
##
name: gitea
postgresql:
enabled: false
auth:
username: bn_gitea
password: ""
database: bitnami_gitea
existingSecret: ""
architecture: standalone
service:
ports:
postgresql: 5432
## External PostgreSQL configuration
## All of these values are only used when postgresql.enabled is set to false
## @param externalDatabase.host Database host
## @param externalDatabase.port Database port number
## @param externalDatabase.user Non-root username for JupyterHub
## @param externalDatabase.password Password for the non-root username for JupyterHub
## @param externalDatabase.database JupyterHub database name
## @param externalDatabase.existingSecret Name of an existing secret resource containing the database credentials
## @param externalDatabase.existingSecretPasswordKey Name of an existing secret key containing the database credentials
##
externalDatabase:
host: ""
port: 5432
user: postgres
database: gitea
password: ""
existingSecret: ""
existingSecretPasswordKey: "db-password"
## @section Volume Permissions parameters
##
## Init containers parameters:
## volumePermissions: Change the owner and group of the persistent volume mountpoint to runAsUser:fsGroup values from the securityContext section.
##
volumePermissions:
## @param volumePermissions.enabled Enable init container that changes volume permissions in the data directory (for cases where the default k8s `runAsUser` and `fsUser` values do not work)
##
enabled: false
## @param volumePermissions.image.registry [default: REGISTRY_NAME] Init container volume-permissions image registry
## @param volumePermissions.image.repository [default: REPOSITORY_NAME/os-shell] Init container volume-permissions image name
## @skip volumePermissions.image.tag Init container volume-permissions image tag
## @param volumePermissions.image.digest Init container volume-permissions image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag
## @param volumePermissions.image.pullPolicy Init container volume-permissions image pull policy
## @param volumePermissions.image.pullSecrets Specify docker-registry secret names as an array
##
image:
registry: docker.io
repository: bitnami/os-shell
tag: 12-debian-12-r25
digest: ""
pullPolicy: IfNotPresent
## Optionally specify an array of imagePullSecrets.
## Secrets must be manually created in the namespace.
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/
## e.g:
## pullSecrets:
## - myRegistryKeySecretName
##
pullSecrets: []
## Init containers' resource requests and limits
## ref: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/
## We usually recommend not to specify default resources and to leave this as a conscious
## choice for the user. This also increases chances charts run on environments with little
## resources, such as Minikube. If you do want to specify resources, uncomment the following
## lines, adjust them as necessary, and remove the curly braces after 'resources:'.
## @param volumePermissions.resourcesPreset Set container resources according to one common preset (allowed values: none, nano, micro, small, medium, large, xlarge, 2xlarge). This is ignored if volumePermissions.resources is set (volumePermissions.resources is recommended for production).
## More information: https://github.com/bitnami/charts/blob/main/bitnami/common/templates/_resources.tpl#L15
##
resourcesPreset: "nano"
## @param volumePermissions.resources Set container requests and limits for different resources like CPU or memory (essential for production workloads)
## Example:
## resources:
## requests:
## cpu: 2
## memory: 512Mi
## limits:
## cpu: 3
## memory: 1024Mi
##
resources: {}
host: "postgresql-primary.argocd.svc.cluster.local"
user: "gitea_user"
existingSecret: "gitea-secrets"
existingSecretPasswordKey: "db-password"

12
resources/app-secrets/env/k3s-cluster/templates/gitea.yaml vendored
View File

@@ -9,15 +9,9 @@ metadata:
namespace: gitea
spec:
encryptedData:
admin_email: AgA9oimJQpXAdvmQRSd84ygn/l5bSr+o8Cv10oY6qZA6Qp+FpK90o3433HWPrGGXJ+ewGJ4r1LGH7wyHlrsdem8EphjKdqz73WMSnv4Wtjao2P1txOjEmpusn3444j0fT3d8PY+8Q07x0Mj2AGqOIyzAHZfykT9AgX+xJygVv7jt1pjO4KYdtfD2QPt+jPShxpVXD+IP/euf+6rVNbudk/vJgGO4I/ITLlX2tL28vClHEzLst3Us4R81WFztcCbPc93wxvO6QFy5AlrA5CVP2lQJCj/E6uYbc1sO3WdrmkKVyecYd67nVstqp8CWf7qclBuDpj16IDDC+93jbGR6AydvQCgb3tAOGpW9IWghCoiHlWawcMqwbdweVYNF+Z7Rssprt4m60X0+sdMtq7vp43wIqJHWq8jZeLwlEKJDyT96uL5kfnmRpo0tTzbAbQVKBZ5hskJm+ga3Tld42nZytlXx3occ5qABRF5CotqTEtaT9JNPX3yPOVcVegUpmQeQa65Ssg7cJagC9ud1hwoYe/IxOub4xogh+gEDdIipiPGxHDdFZFXCwAVkEJdfBbH5zFXNpr7t8jt0TBkOLvsGzMsgZxqIXHVMrOW/a73urLXiflzEzmU6NET1jji7gwS6rj1Q/cKTNI5R9EsElafGsKy+jsF/BUMiNqInrMbOs+edyaM4S6enYMZU5pJ0HBBdF3AQRZKPSzXn1TFLQYsXkhm0UPC/
admin_password: AgBUy2a0J9nZxlngZu9Wl/NaRt+7GtpV1JJbFUNdYgNVInvUL6RO7dQz7zzKepmo4yuBIId7GA/NWvxd4qP9Mwm6/hIGuwNaRzK4vtJrDG0O1pUjJz3gDD5snFYtUEVf1XmBm7YklMy3fNWif7BNbBhHB/RjgD01fpFL5s1y36UxHoicaaLB/iWJXv+ZvKRpnmbsAuxtIwH2Cn0i/mJR0elk80I2ZfwXjfmv49u/R7L86g6aq/XpeFfJ+q0t0ZTzfA98HA6GtUqDw58lshTFbXOwYV5h6JDoKs3yLucu0Q+L6LteEj1PHYB7yDH3/25gMi0ckzJP/Hz8dde8BwO3UQDZtIZ7SvOznXMd3DIj6693URnp4LwPC3UZKqZMUFpGVuZAWQa6w8rmRSBqbsSIwYdEDoAz3Cmw/EJjGQpfs6/n8UZgZ6P78T5cCOEBTpbd1lRR7KcaJqU4mFCJHPSHrxMPi7zEXVrtXEYqIwWN1YrHvFxw8FN+H/Dyq3B6g45hj786uRjOFkbS6I/mgmo9IUhQQgKn9H5K5ze9WGLGl00LR8JPYAdvMnC14IzTVeceU44G/fbZStP9mkayZsBlA/OvGFTg14qC5o6agjB0vZmQkyFYKm7h36Bu/UcLUljNmN7IruLd4zbn+N77mGatjMufJP9tQkfv4YL5NWxUz1v5UY+WG0JIjLj+svawce9xJftk9LJ185VHlnHztFoutTI8e6l7PQ==
admin_username: AgC4ih1J5E8YEKBWLrgCbApElhIF75+B7504aIAVM3GfnUI7sdKIlxfjCAR+4vtja6CpTlwNN9GHyq+jNeBQN662R1mm2P4p3/V1tZ3dpwi1xAaPn0JoFVnILO/mkwHGvfKaXeiAscZoVm+s4TNQ5vXNRyPaCNW72tHxBfkTXQOXUyf9sWIX0Mq8eEa6uAkAs/MKwOrU4q2UWn5ASjpy1m/AMJyDB4O/XifxcuAV110ragDLnKJVPoKsw2xdYMSF7nWt2mlKYGzRJKuNYSBZOaUGM4/oqKtPMr2TUxv/ktqZaJ9x2O0kRV+GIJdYJo+XWtZVZtuYN9YZ1++m0A/QECp4ADlh8Vyq7qXPBNYa2k3m6K6yWJk14gl1t+Pamg4fveR0gB52Ow0xFJl6856NfB3/umtWk21TVN1Sx/aZrspJqzqNY9FM0XCZXd4M800LnqwkNdHzuSwNe6kD9Hb1P8v/SrCPfjdhZpFv4msCCXQ8AJ2hx7DV8v8SqYXqjsCrPDxVdcvyOZMEhNXwN53BajE/6dkvy0oFg3aWCd/mupqbPrVdij5+vaEpuyaD8EfnB2K9fOF4XgKYivBAZwvkF3eO81vkrEpqMSABbo2WC+isbWGBsnmzVAw1MNpUj4Vy4pIWJSY+S/fwqRUvF7TMuixW1X6+ZUyhwu3T966o3gm6a1p2D2/B/oil7jYfn8NP+386FjN9/xeMZ6ar5Q==
app_name: AgCshGi1SYnZS+R/EVHGyEPOdwYPKSGHd3Q/1MeG00bHp4JK/hMoOf2qnXdIFk08F/uGaJfRajjMXWi/D8aTiFxAMkpg2Ao4Ow5jg7tX42gvXk2qiav6LDf+Vx2jpcBBIrqAt8GBwNBYOJ8g7WMTYqSU8KyFRjGo4ZS6r840OVmyKNzHWLh6S9QICYjSjw/4XGdSdGu7zSFnHxEzM9SnD4K4R5Ndmlkog3gikTMaRApGLg964E+hUQ9VG1hzlhuOtfrgmau9mdELK1zv76JoVqRkLG9ikR05R7OJIzaF/2ozvZWQcIvyApb6axREuBBNbMjn6o3EW83zxO0zUZFbqon0pEUBoPmPC584kQU2DfJjNf8CzBPPMBQVYv4UCPiMdax1xnV5Wm06AuLW9zG3WH5Myf8Zv/qsvISfvtwym4LC+NDLVztc+x8FFERJYsMG/+ndpY+R5Ln1PIZ/8tE6BgSQ0Y3m1ep+gr9H1ZfFEhqcbIE0yWzPsmW+F5xsIhQwm0F025jUF1y7IA1T55N92nHkEcyuwfu2z4kKuEm+AT1hGOk3a2tpVbdEvLXDpl0irfaOyiiunH06jvhliKgfHxCwQGihSD7lfEJUapSh17rXcGEDFXvOGsql4448JuQHB8j5Hdn7xGImF7VtzP0V738rXyMzgtoiwb0QTNl+TopnoUHXElu255ZekHX5RT7LagM8p3kx3g==
db_host: AgA7m/x+3dVniLN1p2QhvuFNQKBZ1g+554+q02kbp498LEvg7xlabvcYdYkK+PHi+KoirykenJqyo3eZdwe1LkoSqAgp3LJNF/xWKU1ulpVhZRk68VgGcMdG70cKH9uk9irbOxSRkt/d07yeY1Ba/68PrYy56Lf03hnNyh+RyCMpISy3q7+EwZc6oiqcmV6rxr0AbP1iqV6G6kDVa0iQEerOnOZ0clXjZOERyhGFAv2jEqHuKQXdJ+Su9YIduqoQj+/7yrhmi+ifj33dGAQrZxZlIFcd5PdPJMhSo5WsjCP6bP6a10hi5m0bv6z56Z7dgqHeXzXPJnpnU1fjb4crrJRkSOJzR2mtVlLI8UGdNU7hkYFNvrV4lNDXhcyd8W8cTMCVIJzIW9g5mporMZdghlCwwZkti1CpAshLlKeF3iOUdX0nYWVGNLURg6Kkvta2GwbL3rVMxgZ5HTcWoulvMT12aRPRxGhsyLvXiAS9C+b6XQSSl1k2lvpoLDOhQJdoCHXByUxi3YBElAdfNZ+IQ1Mc855+ZOz1UO7lHiqadpCnVgT32TnZVwGZJKE/B8Sr7AfRtp4n//g6q1XlMdTwkyFtHP36dPKidnUd2ReYzysvMThvVy45dSMXBET6x8t4k4QbhjtSMHMunKLmVsur3tTb3T6t03T4NG3tb4+oWofxCCBCrFUIlddawLodZv7fP+AuuqKrumJWfYfF8xNIwVzTC98U+Kq2OsXyCw/7PLXhc4jbNeQes8TBmcaNJDxV+w==
db_name: AgApTQ4a2gBfYYAeXjkkO3CsJouadi8n4TZzyPW+KMtbgFXq0RP6T3jwPnf9SWFlZxkoDUtwiQWOXPN6jc/B+pd3CU/dpqCBD/Nf/BX91VoWvzyYXnBHkLzTiU7CXBn3J5omjLnm16YrAaxxk3b/L6RZSqX1DVunlXBIgIHYY2egyKWx2YblH2DXF65eI0eQ3wjy1nf4akdVEOZJnP2nPb36Rvs6ZYo5UjuxqkeVNum5+R7R4yTmdbADdyZPswxczSh3NT8/7dJA56Sg+BXDrdNlpahoApDfLWm/S58XDN4bQt7bE180nbeFYnNMcxdNTqkldAzfLff4CWfeTmK+F9sHCmtB1af9NZrR2/mLG3+v8tUP+EsLUbp8HeAxV3TXqaaAEOCI0lRT3/YDHnCuS/nNGndwfCUHyJhjA/dCpkY4mol4Y592bCf3RomdZOH5dSlwc/opRn+hJKzWsFZgUxG4miQ09Htti9op4gK5cX1NVmUegSLeLF9GtxzTd0/Qf2u3t8yTqIGNCjohtWnHY8pI4q9oZmc6hw/62y1nFhCnEPuxsqkYQr0Y6+CjQ0/D1eHQCLR2pe6tjvy4rgJBiIwG1Ns/ipNrC/7pegb+XwQ35lVDGvO9knlCzYwnt4piBYly3/I4NW3oswHLvC0488FXcJt0jtVTGZKQCGFwzZs84ZtnrHuAZqiKsoWCMirc2KnIdJePcQ==
db_password: AgBdld/wramisqL57iY8Uc3OtssE+T3bIWoRugg9NcKBEG5CgHtBjO1wlS/LVPKBi0wrliFfpwGuXZWl7GemhFi1AxVLZ3NuR5R4sRG/+jFwc4AktaugrUIxnAgRetLBYPQMxOnsVVU4hnPfTHjd8WK7mciLzaqvMaVWHLV2PFQhGFAyag0Ud97qZ1FnlqYFPyg1JK/Hiv6sQ+zS6CqrMwtlcJHRjvZntDXe5EMV7pObxFoxuCI68SGB9yDiYZIHbD/wBbZ7B1coQVVeqIGOkxDfKUk3xz1CfXoH9Jp9uHVayssa5kh1cEjuyyiaqE4laHH5bgDBWSU32ZhABZR4uVHOrOAf3p2EZvriCJVYGQ4TYKlzJlf8H3/F1B8lTlyXxBgcKjyZskCaYG9/V12WxoeQPfucH1nN4WJi8mwcD9GqnbHC6UE6Q6EW8QG9D/iIdv6kAzrVXixhSHrSOLUf4N6hDQ/E37IuWLwdSGfIseCGShX7Er/7aRTILMX5v4zrTZbs4ih+rWzy0vDIhe4jl8N8MTQqtvpryfCSdFxqIk00MMh9zBftFXKAVXKk/1AQclAQHc/b/fgZrM9kbAX1Jo2zKblD07tas+/9vlL4MQ70UDsmz37/6uAhA4diQi8tmiqIMxoeTnqs1f5HMDkVuy7hyLV/Xg4ZA2U9RmdqnpGcmrWc1BpUf8cL4AjItf6tSdWc+ch6UvDx/lBzDeJpJsezTjnsQA==
db_port: AgB7IN1Gs3WBKPvMujyS1e9AqxotjmQOv2QfOqX6dGEYEET4Ay067xcdbyns6oczUnuQyKpIr79oZzeezevPM+RTVYCwEyTxF84Qcs9h/psY61cYOEwNcIu+m5iP+qb2sFlopK6QZk03zPyd1XZ5TlRw6Nv2Nt3gPvoksgG7L0CM8xWvcpcG2/khh9UuckUGErcaK3nMxdKAKZLjVaVdRIC78u03NEc4cj9KH7r/Zz5PZXOVlZyUAxCtUMe0NHs7bFhRp5Boxa+Jz0cfJ4fDZlwHgMQLxi8nQbKmZf1B3HY4+zUYShBrxWWFBimqpctJDFpV4z5DHJVTeFSxgPXh0t5qsYikeeVqDnbGMx+4yyno3+IkD+Se73z7boS5sbYhPtifm1dS88DbAMDckMAiR5ktDLbItSwGoxGTegqmhbvUtxhpzl64Q6yrrQetJ/sT/j+Q6YWCqrnhQvgcR9rasFCUswGmnr0cF9jYVRkDHpK4Ehwf8HNriyY1RlDnopBGtx+t7hUb7yrNoSnJQEVSCKCMkxOzP9gMsfZptO66MWsX+Jbr9vQV88Wzqshe5oYTJk8UkqeOqZLPp5aKs/5uv/BJNGwJbDuMlXmX8ZU5c4jn0FyzGeamqxqttgIonXgo0eeR4FwV5NTLgX1h5IETMKHBsNbzmJuu9fF92pycYVeb3AngMMKveLqkN2y/s/bKBNGFtcyh
db_user: AgCwCgsYWuB3S4PaAA/WSoTrqABcJnFrmu8ud6FUk4tQjhBySGlODANZVI9XoHh16iNRMSLiVlUihiyr8d/Dh9TP7Q4nwKlLoRmObbH5hyqPEC+y+phccwC8OSQ8pA/Xy1mv+dQhH8Ssz3hR2UGdS8BBEeBgnLZYJR1B0zOrAijCnv6lsdDY6dIuLv3ijsRtIzHIT2Q1UcvJrd3cP16PT2xKw+3X7rPURkMRwbDKyKslhpJeVohVc7SoG04SUXZ7GUtR0S02WIrd3UXfjXcrV1fa5C5ssRN9CEMs0TWBo+0q/tp81mPFYPEbdWsKGBZ+1VxGL0PnbiMJBizGq3YOBU3KY2irXSipsWXeoZOOK8d4E8lnT0toVKFSafp8tkASxT7pEgVrJ5QPlcT5wO/eMehNQ4ZMc1DPAUHD740il1q2Zse9JMsa5sYu5SCsvaAC5ON0w6111AM9OS5t3jxN/lMhcZFqAtcLtDL9Ut68KBtvWEnPJdqnT8mRjR0bH0wLrjv1Irzdt7yHHIkZRjLRaxWXrnNfj/UaRkAsCRtD0aqtWe/grU7pj7ud9i5b849gJl9Ps6zsvwtW4ZBWDtn6TWUjn1dhKqOz78qG561YqTRSE784O66vZwHlAsq9Ow2K/mQCBdOA39vJgIg+xtyMvRG1Upissq2WOzECyY+9jsOBowVKcSKSCUBADHF7oNJqcTcez/zNIZ1viNbB
admin-password: AgBOc0Fe32b91T1Y2x1A+NtK+IP/P8J/3z0XHP/+3yP1Nrzl6PvQbyNXPZCCpjH1CSek+8JmkfXKtOXd1MQ6/AFfRo6MaNV4fmW3UZsrEyjx69pKuif1Ej32y2JM22sMvHzfgDDjeyqpZQ19DTh/rtLoGkV5QQkeQ7Pnd6zX0ksrUezrKBzIv4NcSkzLzU0NBkmPS4VSrO52x95xqdDmI9KtYDVaBaJ0MRkltsrHXHPqjVFlDchuXTBD+D6sL2VMB0fLvyNAAgYnQV8dlMxyoV3zn/zdlXofy4INtQ6ZbK/WEIV+2aujyYAs787197CXc6QJGGhXo4WWfSbSueAVHcGu9RZJFcMugslwnGKtqC3oCTkqHWqvXkMRCZsVVu4dxxoHvxe39B0/J31ZF650mrkxOMaxFpIszGievFmdFhgcsicrgUXCDbkxIH+Uphs+piZK0Ec3c20oINZKjlZbKXQW3Pb2Ln85FGnIEelE7svryzv5mrr9C4SBvU0j4O/4q5XMZa8iU7ncX1crK7fzYjlSzHl0xPmuT/hyoSf7ULRnZxjiYqPffoAyjMxlWmbI81VqgMEMFkchhMWgDYelfki0FDtbn2RXBLB/MHe9blXr42GaW8SIbnQeFt4ATD1JLeqJyaCmH3mpBuSoJb6ngdeswfZDneumQfufQ6wwLCwoARLXGpEJD9Bcl5GrNxqXB7qc0E1jVZIEEVXM4XL0i8GBqnoA6A==
db-password: AgAPxChdWn6aw0hn9qcstz2BBE+sr6wEYhHgQ8MjoFsS1bQXoEE0B9KS3Z1L8bo9Xo+gvlk6funXa2X+Cdl11AYy1mzGCJDLpZu6EIrI2dpQd0aMHCyUspB0PZ8fGvIcNsxcDFRUwWt0IZ4LyxUNXsekbets0RpreDI3rDtoutcJWaKPI4LZKAK9bLyC5WAcLaJf/bj3JxCMcIzWqg6XvY6L1qRjVQxvZ7Fubs9IsbyTFWryINfS019IVSFa/iwXSNwk6f9fv8e0clkbw/xzvVZTLP7uRDxacsZWasjUofxNTNlHeYnBvjTQTfDvIcUEriQ4RyZyk+3wzh6n7zwbJ/fKKzRq11xFAsEnmkxtEtlU2bmphd0xfhZvuXvbN04zv5pHlYjU7qWSdYSY338NsD9LeJS/Jt8pUv2icOwk3DUDmMcsGC74vdvaNCPfkBkmAp5lxf+WnMaIJcEQU4gJ52EdPR1tqbMqJ/t3FYQeSA1erPq7LHoczzN3t+GfctxLLQGqY1OikDJdza+aX55QIDbRX5g3EetTklxZuTMRMtSFCdByaRiwPyutQaBSBxQkPSv4rkOoHFc8trHmfj3/nQtcjNVH3kyrR7rmw2hiSd6QJ05KCu83FTjh7qvlCPY0taltE6mmCb+PgWmMg8bg+jhqdbmIwnugB6RvdrKJkB1RE4w3KRpPXt4yE229OeKU8JNrHG4vG0HbY6nzXVplDMVMc0/A8A==
smtp-password: AgDeVCiOlfLQReoytKqcV7sRQ59SGPo7pu/7wdsaLbpl8wA0PJ8W2ucgMsj6vi1Qemyz7z4+aq+E1SzIl59woC2eouusPNyjk52LfD3R2z2bChkHsfy8P49Cb31YPuL+qcByxUR1aJvbWegToEMUFaqDFsJno1wxLmDmWjLEYtIdspEhCWnWNdnpuSXD4VyXAAJjElNQj81SYGbXdcD6BrLf9iOBX1PdghwigsDqQ12vdGUUMRNKWm5Rw5mkkh0XveaCAFEfegE5XC007qyx/3wte9FhbDPdx94+Svrj2vdQv/WjLVJVPpjKbIkd1pBf5LmrFUK7yPdlXzkqmBnIN16ZLB2CSzVNN3EPAuG+ZAlD4Sm7kKtSb/uiZX5Le7niJQ+K0bwvsjtO3VLSV6HLbFO5Mw16klvZ4jWHcAA21/mfl4OjHKv9yagIfELm3LdlNPvwJfyA7v7L8aHEnPtUbl7iXajHCg2uTofBX14/XZk8EcK/IxouNOvqMTIxxcUiufIWUgBm6/q0BDnghyia4oJYFAOTA484RlM9Cfv1Alta/9S5buKwSGkhDM/NZZ8qYt4SqIVhYxBUaYZnz+DqmzEVDm8C8u+1PlJxr29LiPneqq2Edvze5MRJOgIdqHeP+mVdISs1L4eI0yJodv8eddGf7QDcE/V8m9I0g3n3nCFGXILBWkoZ0XK448YC39QfopJwAkzJUnTxmhfcn7rOM2Z8G4pL
template:
metadata:
annotations:

4
resources/app-volumes/env/k3s-cluster/templates/gitea-pv.yaml vendored
View File

@@ -24,7 +24,7 @@ spec:
required:
nodeSelectorTerms:
- matchExpressions:
- key: kubernetes.io/hostname
- key: kubernetes.io/arch
operator: In
values:
- rpi5-cluster-node-2
- arm64